GNOME Bugzilla – Bug 702529
SSH Agent does not work with pkcs8 private key
Last modified: 2018-03-09 15:42:07 UTC
If I use a pkcs8 key for SSH (as described here [1]), ssh-agent fails with "Agent admitted failure to sign using the key. Permission denied (publickey,gssapi-keyex,gssapi-with-mic)." auth.log: "gnome-keyring-daemon[1760]: invalid or unrecognized private SSH key: xxx@xxx gnome-keyring-daemon[1760]: signing of the data failed: The operation failed gnome-keyring-daemon[1760]: no private keys found in file" # gnome-keyring-daemon -srf ** Message: invalid or unrecognized private SSH key: xxx@xxx ** Message: no private keys found in file ** Message: invalid or unrecognized private SSH key: xxx@xxx ** Message: signing of the data failed: The operation failed ssh-add -L list all keys correctly, SSH_AUTH_SOCK is set [1] http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
Encountered this issue as well, GNOME Keyring doesn't support the new OpenSSH key format New key format: http://www.openbsd.org/cgi-bin/man.cgi?query=ssh-keygen&sektion=1 ( search for "-o" ) Steps to reproduce: 1. ssh-keygen -t rsa -b 4096 -o 2. add the generated RSA key to your server 3. ssh -v username@server.com Step 3 results in this error message "Agent admitted failure to sign using the key." /var/log/auth.log, you'll find the following errors: no private keys found in file invalid or unrecognized private SSH key: #### signing of the data failed: The operation failed Please fix this, more and more users are using this new format for increased security.
Btw: my system is Ubuntu 14.04 amd64 with OpenSSH v6.6p1
gnome-keyring should just wrap stock ssh-agent to solve this problem: https://bugzilla.gnome.org/show_bug.cgi?id=775981